An open discussion list for topics related to the geteduroam service

[Paul Dekkers <paul.dekkers AT surf.nl>]

Hi,

On 01/03/2021 15:00, Gheorghiță Butnaru wrote:

Recently we received access to CAT admin and did some testing with the eduroamCAT app.

In the past few days, I saw some posts on the cat mailing list about the CAT update and the plan to migrate to the geteduroam app.

Today I tested the app (android 8 and 10) with a profile downloaded from cat.eduroam.org. Everything worked fine compared to the eduroamCAT, which generate a certificate error on the radius server (https://lists.geant.org/sympa/arc/cat-users/2021-02/msg00015.html).

Thanks to the fact that we didn't promote the CAT to our users, I want to start testing with the geteduroam project.

Right now, I am interested in some guidance:

- what do we need to do to be part of the list of institutions?

We bring all eduroam CAT profiles into the list of institutions and profiles. If you're not listed, drop me a note. It's most likely stale cache (and our caching is a bit too aggressive now ;-) we need to work on that).

These are both the profiles that you use with your regular RADIUS accounts, as well as profiles that may use a specific "geteduroam-only" approach:

- are there any news about hosted geteduroam solution within GÉANT?

So my previous answer is more or less in case you want to use "normal" CAT profiles.

If you want to create eduroam pseudo-accounts based on your federated eduGAIN SAML-authentication, that's indeed also part of geteduroam. You can use this as a service from GEANT, if your NRO agrees. (You'd get eg. tuiasi-ro.get.eduroam.org as a realm.)

You also need to create a profile for this in CAT, so you can be discovered from both CAT and geteduroam. (CAT will however redirect you from the website. It works quite well actually.)

- we can try with a self-hosted geteduroam server, are there any directions for that?

If you want to host your own pseudo-accounts, that's definitely possible! There is documentation.

However, this server part is the part of the concept that is still a bit "in flux". We're likely to make changes that will require database migrations and what not. Of course we implement this ourselves in the centralized infrastructure, so that will continue to work well. We may not be able to offer a lot of support on this if you host it yourself (considered "for the experts") but it is documented, with a reference implementation for Debian. And if you follow the commits and notes and have a test-implementation, you're problably fine.

Regards,
Paul